This is an archive of the discontinued LLVM Phabricator instance.

Differential D32842

Specify which sanitizers are covered by a sanitizer blacklist
Needs ReviewPublic

Authored by vsk on May 3 2017, 5:25 PM.

Details

Reviewers
pcc
eugenis
kcc
kubamracek
Summary

Sanitizer blacklists currently apply to all enabled sanitizers. E.g if
multiple sanitizers are enabled, it isn't possible to specify a
blacklist for one sanitizer and not another.

This makes it impossible to load default blacklists for more than one
sanitizer, because doing so would result in false negatives (i.e, some
code may not be instrumented by the right sanitizer, because the final
sanitizer blacklist is the union of all available blacklists).

This patch fixes the situation by changing the internal representation
of blacklists. It becomes mandatory to specify which sanitizers are
covered by each blacklist, and to specify the sanitization kind up-front
when querying the blacklist.

This resolves the "multiple default sanitizer blacklists" situation.
Instead of arbitrarily picking a default blacklist and ignoring the
rest, we would correctly load all of them s.t entries in one blacklist
which apply to one sanitizer could not mistakenly be applied to another
sanitizer.

For now, the user-facing -fsanitize-blacklist driver option is left
unchanged. Specifying a blacklist in this way creates a blacklist which
covers all enabled sanitizers.

The internal -fsanitize-blacklist frontend option is modified so that
the names of the covered sanitizers are passed along with the path to
the blacklist file. E.g this:

clang -cc1 -fsanitize=address -fsanitize-blacklist=BL.txt

Becomes this:

clang -cc1 -fsanitize=address -fsanitize-blacklist=address:BL.txt

This patch obsoletes D32047.

Diff Detail

Event Timeline

vsk created this revision.May 3 2017, 5:25 PM
vsk added reviewers: kcc, kubamracek.May 5 2017, 2:19 PM
vsk added a subscriber: zaks.anna.

@zaks.anna suggested some more reviewers who may be interested.

vsk added a comment.May 12 2017, 9:48 AM

Ping.

vsk added a subscriber: george.karpenkov.May 23 2017, 11:07 AM

Ping. (@george.karpenkov, do you have the time to take a look?)

george.karpenkov added a comment.May 25 2017, 4:01 PM

@vsk Looks reasonable to me, although I would say such a change should probably require more tests.
However, I am not a C++ expert, and I am still not overly familiar with a codebase, so I'm not sure whether I should be a single reviewer.

eugenis edited edge metadata.May 30 2017, 1:23 PM

This change scares me a bit, to be honest. Is this really that big of a problem? Blacklists are not supposed to be big, maybe we can tolerate a few false negatives?

Consider extending the blacklist syntax instead, the same way Valgrind does. Blacklist entries could be annotated with a list of sanitizers they apply to, like

asan,ubsan : src: file.cc:line

or an even less verbose way using sections

[asan]
src:
src:
[msan]
src:

As an extra benefit, all default blacklists can be merged into one.

vsk added a comment.May 30 2017, 2:03 PM
In D32842#768038, @eugenis wrote:

This change scares me a bit, to be honest. Is this really that big of a problem? Blacklists are not supposed to be big, maybe we can tolerate a few false negatives?

I'd like to make it possible to deploy a larger default blacklist for one sanitizer without inhibiting the other sanitizers. This would be useful if we find a bug in a runtime check: we could temporarily work around the issue by deploying a new blacklist, instead of changing the compiler or build system. It won't be possible to do this if blacklist updates can introduce false negatives.

Also, as a separate point, I think a design which permits false negatives is worrisome in and of itself, and is worth fixing.

Consider extending the blacklist syntax instead, the same way Valgrind does.

I like this idea. However, I think that it would require most of the changes in this patch, with some additional work to change SpecialCaseList.

Blacklist entries could be annotated with a list of sanitizers they apply to, like

asan,ubsan : src: file.cc:line

or an even less verbose way using sections

[asan]
src:
src:
[msan]
src:

As an extra benefit, all default blacklists can be merged into one.

It would be nice to combine the default blacklists into one file with separate sections for each sanitizer. I'll look into this (hopefully next week).

vsk mentioned this in D35849: [UBSan] Provide default blacklist filename for UBSan.Jul 25 2017, 11:39 AM
shenhan added a subscriber: shenhan.Jul 25 2017, 1:31 PM

Thanks. Can you update "SanitizerArgs::collectDefaultBlacklists" to include "ubsan_blacklist.txt"?

shenhan added a comment.Jul 31 2017, 11:51 AM

Ping? Can we make a decision on this?
I've this simple one D35849: [UBSan] Provide default blacklist filename for UBSan which, depending on this, shall be discarded or move forward.
If this CL stalls, I'll seek to proceed with D35849. Any how, D35849 gets wiped out whence this CL (D32842) is submitted.

vsk added a comment.Jul 31 2017, 12:50 PM
In D32842#826383, @shenhan wrote:

Ping? Can we make a decision on this?
I've this simple one D35849: [UBSan] Provide default blacklist filename for UBSan which, depending on this, shall be discarded or move forward.
If this CL stalls, I'll seek to proceed with D35849. Any how, D35849 gets wiped out whence this CL (D32842) is submitted.

Please go ahead with D35849, I believe @pcc sgtm'd an identical patch of mine a while back, and it lgtm as well. Once I have time to revisit this I'll make sure to consider ubsan_blacklist.txt.

vlad.tsyrklevich added a subscriber: vlad.tsyrklevich.Aug 11 2017, 4:30 PM
vsk updated this revision to Diff 114882.Sep 12 2017, 12:50 PM
  • Rebase to ToT.
vsk added a comment.Sep 12 2017, 12:55 PM

@eugenis I gave the idea of annotating blacklist entries with a list of sanitizers they apply to some thought. It would be a nice follow-up to this change, but would depend on it. As an initial step, I think we should move forward with this patch, since it makes it possible to apply blacklists selectively.

vlad.tsyrklevich added a comment.Sep 12 2017, 1:33 PM

@vsk Why don't I take a look at implementing the blacklist selection methods @eugenis mentioned on top of this change now so that we can skip ahead and merge something everyone is satisfied with?

vsk added a comment.Sep 12 2017, 1:53 PM
In D32842#868505, @vlad.tsyrklevich wrote:

@vsk Why don't I take a look at implementing the blacklist selection methods @eugenis mentioned on top of this change now so that we can skip ahead and merge something everyone is satisfied with?

Feel free.

Revision Contents

PathSize
include/
clang/
AST/
4 lines
Basic/
6 lines
43 lines
Driver/
24 lines
lib/
AST/
2 lines
10 lines
Basic/
1 line
52 lines
CodeGen/
6 lines
20 lines
2 lines
15 lines
3 lines
20 lines
Driver/
116 lines
Frontend/
22 lines
test/
CodeGen/
4 lines
4 lines
6 lines
4 lines
2 lines
4 lines
2 lines
CodeGenCXX/
2 lines
Driver/
Inputs/
resource_dir/
13 lines
Frontend/
32 lines

Diff 97755

include/clang/AST/ASTContext.h

Show First 20 LinesShow All 468 Lines▼ Show 20 Linesprivate:
SourceManager &SourceMgr; SourceManager &SourceMgr;
/// \brief The language options used to create the AST associated with /// \brief The language options used to create the AST associated with
/// this ASTContext object. /// this ASTContext object.
LangOptions &LangOpts; LangOptions &LangOpts;
/// \brief Blacklist object that is used by sanitizers to decide which /// \brief Blacklist object that is used by sanitizers to decide which
/// entities should not be instrumented. /// entities should not be instrumented.
std::unique_ptr<SanitizerBlacklist> SanitizerBL; std::unique_ptr<SanitizerBlacklistInfo> SanitizerBL;
/// \brief Function filtering mechanism to determine whether a given function /// \brief Function filtering mechanism to determine whether a given function
/// should be imbued with the XRay "always" or "never" attributes. /// should be imbued with the XRay "always" or "never" attributes.
std::unique_ptr<XRayFunctionFilter> XRayFilter; std::unique_ptr<XRayFunctionFilter> XRayFilter;
/// \brief The allocator used to create AST objects. /// \brief The allocator used to create AST objects.
/// ///
/// AST objects are never destructed; rather, all memory associated with the /// AST objects are never destructed; rather, all memory associated with the
▲ Show 20 LinesShow All 167 Lines▼ Show 20 Linespublic:
/// sets floating point QualTy according to specified bitwidth. /// sets floating point QualTy according to specified bitwidth.
/// Returns empty type if there is no appropriate target types. /// Returns empty type if there is no appropriate target types.
QualType getRealTypeForBitwidth(unsigned DestWidth) const; QualType getRealTypeForBitwidth(unsigned DestWidth) const;
bool AtomicUsesUnsupportedLibcall(const AtomicExpr *E) const; bool AtomicUsesUnsupportedLibcall(const AtomicExpr *E) const;
const LangOptions& getLangOpts() const { return LangOpts; } const LangOptions& getLangOpts() const { return LangOpts; }
const SanitizerBlacklist &getSanitizerBlacklist() const { const SanitizerBlacklistInfo &getSanitizerBlacklist() const {
return *SanitizerBL; return *SanitizerBL;
} }
const XRayFunctionFilter &getXRayFilter() const { const XRayFunctionFilter &getXRayFilter() const {
return *XRayFilter; return *XRayFilter;
} }
DiagnosticsEngine &getDiagnostics() const; DiagnosticsEngine &getDiagnostics() const;
▲ Show 20 LinesShow All 2,156 LinesShow Last 20 Lines

include/clang/Basic/LangOptions.h

Show All 13 Lines
#ifndef LLVM_CLANG_BASIC_LANGOPTIONS_H #ifndef LLVM_CLANG_BASIC_LANGOPTIONS_H
#define LLVM_CLANG_BASIC_LANGOPTIONS_H #define LLVM_CLANG_BASIC_LANGOPTIONS_H
#include "clang/Basic/CommentOptions.h" #include "clang/Basic/CommentOptions.h"
#include "clang/Basic/LLVM.h" #include "clang/Basic/LLVM.h"
#include "clang/Basic/ObjCRuntime.h" #include "clang/Basic/ObjCRuntime.h"
#include "clang/Basic/Sanitizers.h" #include "clang/Basic/Sanitizers.h"
#include "clang/Basic/SanitizerBlacklist.h"
#include "clang/Basic/Visibility.h" #include "clang/Basic/Visibility.h"
#include <string> #include <string>
#include <vector> #include <vector>
namespace clang { namespace clang {
/// Bitfields of LangOptions, split out from LangOptions in order to ensure that /// Bitfields of LangOptions, split out from LangOptions in order to ensure that
/// this large collection of bitfields is a trivial class type. /// this large collection of bitfields is a trivial class type.
▲ Show 20 LinesShow All 63 Lines▼ Show 20 Lines enum FPContractModeKind {
FPC_On, // Form fused FP ops according to FP_CONTRACT rules. FPC_On, // Form fused FP ops according to FP_CONTRACT rules.
FPC_Fast // Aggressively fuse FP ops (E.g. FMA). FPC_Fast // Aggressively fuse FP ops (E.g. FMA).
}; };
public: public:
/// \brief Set of enabled sanitizers. /// \brief Set of enabled sanitizers.
SanitizerSet Sanitize; SanitizerSet Sanitize;
/// \brief Paths to blacklist files specifying which objects /// \brief Per-sanitizer blacklist files specifying which objects
/// (files, functions, variables) should not be instrumented. /// (files, functions, variables) should not be instrumented.
std::vector<SanitizerBlacklist> SanitizerBlacklists;
/// Paths to sanitizer blacklist files.
std::vector<std::string> SanitizerBlacklistFiles; std::vector<std::string> SanitizerBlacklistFiles;
/// \brief Paths to the XRay "always instrument" files specifying which /// \brief Paths to the XRay "always instrument" files specifying which
/// objects (files, functions, variables) should be imbued with the XRay /// objects (files, functions, variables) should be imbued with the XRay
/// "always instrument" attribute. /// "always instrument" attribute.
std::vector<std::string> XRayAlwaysInstrumentFiles; std::vector<std::string> XRayAlwaysInstrumentFiles;
/// \brief Paths to the XRay "never instrument" files specifying which /// \brief Paths to the XRay "never instrument" files specifying which
▲ Show 20 LinesShow All 133 LinesShow Last 20 Lines

include/clang/Basic/SanitizerBlacklist.h

Show All 9 Lines
// User-provided blacklist used to disable/alter instrumentation done in // User-provided blacklist used to disable/alter instrumentation done in
// sanitizers. // sanitizers.
// //
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
#ifndef LLVM_CLANG_BASIC_SANITIZERBLACKLIST_H #ifndef LLVM_CLANG_BASIC_SANITIZERBLACKLIST_H
#define LLVM_CLANG_BASIC_SANITIZERBLACKLIST_H #define LLVM_CLANG_BASIC_SANITIZERBLACKLIST_H
#include "clang/Basic/LLVM.h" #include "clang/Basic/LLVM.h"
#include "clang/Basic/Sanitizers.h"
#include "clang/Basic/SourceLocation.h" #include "clang/Basic/SourceLocation.h"
#include "clang/Basic/SourceManager.h" #include "clang/Basic/SourceManager.h"
#include "llvm/ADT/ArrayRef.h"
#include "llvm/ADT/SmallVector.h"
#include "llvm/ADT/StringRef.h" #include "llvm/ADT/StringRef.h"
#include "llvm/Support/SpecialCaseList.h" #include "llvm/Support/SpecialCaseList.h"
#include <memory> #include <memory>
namespace clang { namespace clang {
class SanitizerBlacklist { struct SanitizerBlacklist {
/// The set of sanitizers this blacklist applies to.
SanitizerMask Sanitizers;
/// The path to the blacklist file.
StringRef Path;
SanitizerBlacklist(SanitizerMask SM, StringRef P) : Sanitizers(SM), Path(P) {}
};
class SanitizerBlacklistInfo {
struct Blacklist {
SanitizerMask Sanitizers;
std::unique_ptr<llvm::SpecialCaseList> SCL; std::unique_ptr<llvm::SpecialCaseList> SCL;
Blacklist(SanitizerMask Sanitizers,
std::unique_ptr<llvm::SpecialCaseList> SCL)
: Sanitizers(Sanitizers), SCL(std::move(SCL)) {}
};
SmallVector<Blacklist, 2> BLs;
SourceManager &SM; SourceManager &SM;
bool isBlacklisted(StringRef SectionName, StringRef Ident, SanitizerMask Kind,
StringRef Category) const;
public: public:
SanitizerBlacklist(const std::vector<std::string> &BlacklistPaths, SanitizerBlacklistInfo(ArrayRef<SanitizerBlacklist> Blacklists,
SourceManager &SM); SourceManager &SM);
bool isBlacklistedGlobal(StringRef GlobalName, bool isBlacklistedGlobal(StringRef GlobalName, SanitizerMask Kind,
StringRef Category = StringRef()) const; StringRef Category = StringRef()) const;
bool isBlacklistedType(StringRef MangledTypeName, bool isBlacklistedType(StringRef MangledTypeName, SanitizerMask Kind,
StringRef Category = StringRef()) const; StringRef Category = StringRef()) const;
bool isBlacklistedFunction(StringRef FunctionName) const; bool isBlacklistedFunction(StringRef FunctionName, SanitizerMask Kind) const;
bool isBlacklistedFile(StringRef FileName, bool isBlacklistedFile(StringRef FileName, SanitizerMask Kind,
StringRef Category = StringRef()) const; StringRef Category = StringRef()) const;
bool isBlacklistedLocation(SourceLocation Loc, bool isBlacklistedLocation(SourceLocation Loc, SanitizerMask Kind,
StringRef Category = StringRef()) const; StringRef Category = StringRef()) const;
}; };
} // end namespace clang } // end namespace clang
#endif #endif

include/clang/Driver/SanitizerArgs.h

//===--- SanitizerArgs.h - Arguments for sanitizer tools -------*- C++ -*-===// //===--- SanitizerArgs.h - Arguments for sanitizer tools -------*- C++ -*-===//
// //
// The LLVM Compiler Infrastructure // The LLVM Compiler Infrastructure
// //
// This file is distributed under the University of Illinois Open Source // This file is distributed under the University of Illinois Open Source
// License. See LICENSE.TXT for details. // License. See LICENSE.TXT for details.
// //
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
#ifndef LLVM_CLANG_DRIVER_SANITIZERARGS_H #ifndef LLVM_CLANG_DRIVER_SANITIZERARGS_H
#define LLVM_CLANG_DRIVER_SANITIZERARGS_H #define LLVM_CLANG_DRIVER_SANITIZERARGS_H
#include "clang/Basic/Sanitizers.h" #include "clang/Basic/Sanitizers.h"
#include "clang/Basic/SanitizerBlacklist.h"
#include "clang/Driver/Types.h" #include "clang/Driver/Types.h"
#include "llvm/ADT/Optional.h"
#include "llvm/Option/Arg.h" #include "llvm/Option/Arg.h"
#include "llvm/Option/ArgList.h" #include "llvm/Option/ArgList.h"
#include <string> #include <string>
#include <vector> #include <vector>
namespace clang { namespace clang {
namespace driver { namespace driver {
class Driver;
class ToolChain; class ToolChain;
class SanitizerArgs { class SanitizerArgs {
SanitizerSet Sanitizers; SanitizerSet Sanitizers;
SanitizerSet RecoverableSanitizers; SanitizerSet RecoverableSanitizers;
SanitizerSet TrapSanitizers; SanitizerSet TrapSanitizers;
std::vector<std::string> BlacklistFiles;
std::vector<std::string> ExtraDeps;
int CoverageFeatures = 0; int CoverageFeatures = 0;
int MsanTrackOrigins = 0; int MsanTrackOrigins = 0;
bool MsanUseAfterDtor = false; bool MsanUseAfterDtor = false;
bool CfiCrossDso = false; bool CfiCrossDso = false;
int AsanFieldPadding = 0; int AsanFieldPadding = 0;
bool AsanSharedRuntime = false; bool AsanSharedRuntime = false;
bool AsanUseAfterScope = true; bool AsanUseAfterScope = true;
bool LinkCXXRuntimes = false; bool LinkCXXRuntimes = false;
bool NeedPIE = false; bool NeedPIE = false;
bool Stats = false; bool Stats = false;
bool TsanMemoryAccess = true; bool TsanMemoryAccess = true;
bool TsanFuncEntryExit = true; bool TsanFuncEntryExit = true;
bool TsanAtomics = true; bool TsanAtomics = true;
/// Blacklists which each apply to specific sanitizers.
std::vector<SanitizerBlacklist> SanitizerBlacklists;
/// Paths to all sanitizer blacklist files.
std::vector<std::string> SanitizerBlacklistFiles;
/// Paths to sanitizer blacklist files which need depfile entries.
std::vector<StringRef> ExtraDeps;
/// Collect all default blacklists for the sanitizers enabled in \p Kinds.
void collectDefaultBlacklists(const Driver &D, SanitizerMask Kinds);
public: public:
/// Parses the sanitizer arguments from an argument list. /// Parses the sanitizer arguments from an argument list.
SanitizerArgs(const ToolChain &TC, const llvm::opt::ArgList &Args); SanitizerArgs(const ToolChain &TC, const llvm::opt::ArgList &Args);
bool needsAsanRt() const { return Sanitizers.has(SanitizerKind::Address); } bool needsAsanRt() const { return Sanitizers.has(SanitizerKind::Address); }
bool needsSharedAsanRt() const { return AsanSharedRuntime; } bool needsSharedAsanRt() const { return AsanSharedRuntime; }
bool needsTsanRt() const { return Sanitizers.has(SanitizerKind::Thread); } bool needsTsanRt() const { return Sanitizers.has(SanitizerKind::Thread); }
bool needsMsanRt() const { return Sanitizers.has(SanitizerKind::Memory); } bool needsMsanRt() const { return Sanitizers.has(SanitizerKind::Memory); }
Show All 15 Lines public:
} }
bool requiresPIE() const; bool requiresPIE() const;
bool needsUnwindTables() const; bool needsUnwindTables() const;
bool linkCXXRuntimes() const { return LinkCXXRuntimes; } bool linkCXXRuntimes() const { return LinkCXXRuntimes; }
bool hasCrossDsoCfi() const { return CfiCrossDso; } bool hasCrossDsoCfi() const { return CfiCrossDso; }
void addArgs(const ToolChain &TC, const llvm::opt::ArgList &Args, void addArgs(const ToolChain &TC, const llvm::opt::ArgList &Args,
llvm::opt::ArgStringList &CmdArgs, types::ID InputType) const; llvm::opt::ArgStringList &CmdArgs, types::ID InputType) const;
/// Encode a sanitizer blacklist argument as a string.
static std::string encodeBlacklistArg(const SanitizerBlacklist &SB);
/// Decode a sanitizer blacklist argument. Returns true on success.
static bool decodeBlacklistArg(const std::string &Arg, SanitizerMask &Kinds,
std::string &Path);
}; };
} // namespace driver } // namespace driver
} // namespace clang } // namespace clang
#endif #endif

lib/AST/ASTContext.cpp

  • This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 LinesShow All 742 Lines▼ Show 20 Lines : FunctionProtoTypes(this_()), TemplateSpecializationTypes(this_()),
ObjCClassDecl(nullptr), ObjCProtocolClassDecl(nullptr), BOOLDecl(nullptr), ObjCClassDecl(nullptr), ObjCProtocolClassDecl(nullptr), BOOLDecl(nullptr),
CFConstantStringTagDecl(nullptr), CFConstantStringTypeDecl(nullptr), CFConstantStringTagDecl(nullptr), CFConstantStringTypeDecl(nullptr),
ObjCInstanceTypeDecl(nullptr), FILEDecl(nullptr), jmp_bufDecl(nullptr), ObjCInstanceTypeDecl(nullptr), FILEDecl(nullptr), jmp_bufDecl(nullptr),
sigjmp_bufDecl(nullptr), ucontext_tDecl(nullptr), sigjmp_bufDecl(nullptr), ucontext_tDecl(nullptr),
BlockDescriptorType(nullptr), BlockDescriptorExtendedType(nullptr), BlockDescriptorType(nullptr), BlockDescriptorExtendedType(nullptr),
cudaConfigureCallDecl(nullptr), FirstLocalImport(), LastLocalImport(), cudaConfigureCallDecl(nullptr), FirstLocalImport(), LastLocalImport(),
ExternCContext(nullptr), MakeIntegerSeqDecl(nullptr), ExternCContext(nullptr), MakeIntegerSeqDecl(nullptr),
TypePackElementDecl(nullptr), SourceMgr(SM), LangOpts(LOpts), TypePackElementDecl(nullptr), SourceMgr(SM), LangOpts(LOpts),
SanitizerBL(new SanitizerBlacklist(LangOpts.SanitizerBlacklistFiles, SM)), SanitizerBL(new SanitizerBlacklistInfo(LangOpts.SanitizerBlacklists, SM)),
XRayFilter(new XRayFunctionFilter(LangOpts.XRayAlwaysInstrumentFiles, XRayFilter(new XRayFunctionFilter(LangOpts.XRayAlwaysInstrumentFiles,
LangOpts.XRayNeverInstrumentFiles, SM)), LangOpts.XRayNeverInstrumentFiles, SM)),
AddrSpaceMap(nullptr), Target(nullptr), AuxTarget(nullptr), AddrSpaceMap(nullptr), Target(nullptr), AuxTarget(nullptr),
PrintingPolicy(LOpts), Idents(idents), Selectors(sels), PrintingPolicy(LOpts), Idents(idents), Selectors(sels),
BuiltinInfo(builtins), DeclarationNames(*this), ExternalSource(nullptr), BuiltinInfo(builtins), DeclarationNames(*this), ExternalSource(nullptr),
Listener(nullptr), Comments(SM), CommentsLoaded(false), Listener(nullptr), Comments(SM), CommentsLoaded(false),
CommentCommandTraits(BumpAlloc, LOpts.CommentOpts), LastSDM(nullptr, 0) { CommentCommandTraits(BumpAlloc, LOpts.CommentOpts), LastSDM(nullptr, 0) {
TUDecl = TranslationUnitDecl::Create(*this); TUDecl = TranslationUnitDecl::Create(*this);
▲ Show 20 LinesShow All 8,808 LinesShow Last 20 Lines

lib/AST/Decl.cpp

Show First 20 LinesShow All 3,901 Lines▼ Show 20 Lines if (Decls.empty())
return; return;
std::tie(FirstDecl, LastDecl) = BuildDeclChain(Decls, std::tie(FirstDecl, LastDecl) = BuildDeclChain(Decls,
/*FieldsAlreadyLoaded=*/false); /*FieldsAlreadyLoaded=*/false);
} }
bool RecordDecl::mayInsertExtraPadding(bool EmitRemark) const { bool RecordDecl::mayInsertExtraPadding(bool EmitRemark) const {
ASTContext &Context = getASTContext(); ASTContext &Context = getASTContext();
if (!Context.getLangOpts().Sanitize.hasOneOf( SanitizerMask ASanMask =
SanitizerKind::Address | SanitizerKind::KernelAddress) || SanitizerKind::Address | SanitizerKind::KernelAddress;
if (!Context.getLangOpts().Sanitize.hasOneOf(ASanMask) ||
!Context.getLangOpts().SanitizeAddressFieldPadding) !Context.getLangOpts().SanitizeAddressFieldPadding)
return false; return false;
const auto &Blacklist = Context.getSanitizerBlacklist(); const auto &Blacklist = Context.getSanitizerBlacklist();
const auto *CXXRD = dyn_cast<CXXRecordDecl>(this); const auto *CXXRD = dyn_cast<CXXRecordDecl>(this);
// We may be able to relax some of these requirements. // We may be able to relax some of these requirements.
int ReasonToReject = -1; int ReasonToReject = -1;
if (!CXXRD || CXXRD->isExternCContext()) if (!CXXRD || CXXRD->isExternCContext())
ReasonToReject = 0; // is not C++. ReasonToReject = 0; // is not C++.
else if (CXXRD->hasAttr<PackedAttr>()) else if (CXXRD->hasAttr<PackedAttr>())
ReasonToReject = 1; // is packed. ReasonToReject = 1; // is packed.
else if (CXXRD->isUnion()) else if (CXXRD->isUnion())
ReasonToReject = 2; // is a union. ReasonToReject = 2; // is a union.
else if (CXXRD->isTriviallyCopyable()) else if (CXXRD->isTriviallyCopyable())
ReasonToReject = 3; // is trivially copyable. ReasonToReject = 3; // is trivially copyable.
else if (CXXRD->hasTrivialDestructor()) else if (CXXRD->hasTrivialDestructor())
ReasonToReject = 4; // has trivial destructor. ReasonToReject = 4; // has trivial destructor.
else if (CXXRD->isStandardLayout()) else if (CXXRD->isStandardLayout())
ReasonToReject = 5; // is standard layout. ReasonToReject = 5; // is standard layout.
else if (Blacklist.isBlacklistedLocation(getLocation(), "field-padding")) else if (Blacklist.isBlacklistedLocation(getLocation(), ASanMask,
"field-padding"))
ReasonToReject = 6; // is in a blacklisted file. ReasonToReject = 6; // is in a blacklisted file.
else if (Blacklist.isBlacklistedType(getQualifiedNameAsString(), else if (Blacklist.isBlacklistedType(getQualifiedNameAsString(), ASanMask,
"field-padding")) "field-padding"))
ReasonToReject = 7; // is blacklisted. ReasonToReject = 7; // is blacklisted.
if (EmitRemark) { if (EmitRemark) {
if (ReasonToReject >= 0) if (ReasonToReject >= 0)
Context.getDiagnostics().Report( Context.getDiagnostics().Report(
getLocation(), getLocation(),
diag::remark_sanitize_address_insert_extra_padding_rejected) diag::remark_sanitize_address_insert_extra_padding_rejected)
▲ Show 20 LinesShow All 476 LinesShow Last 20 Lines

lib/Basic/LangOptions.cpp

Show All 26 Lines
#define BENIGN_LANGOPT(Name, Bits, Default, Description) Name = Default; #define BENIGN_LANGOPT(Name, Bits, Default, Description) Name = Default;
#define BENIGN_ENUM_LANGOPT(Name, Type, Bits, Default, Description) \ #define BENIGN_ENUM_LANGOPT(Name, Type, Bits, Default, Description) \
Name = Default; Name = Default;
#include "clang/Basic/LangOptions.def" #include "clang/Basic/LangOptions.def"
// FIXME: This should not be reset; modules can be different with different // FIXME: This should not be reset; modules can be different with different
// sanitizer options (this affects __has_feature(address_sanitizer) etc). // sanitizer options (this affects __has_feature(address_sanitizer) etc).
Sanitize.clear(); Sanitize.clear();
SanitizerBlacklists.clear();
SanitizerBlacklistFiles.clear(); SanitizerBlacklistFiles.clear();
XRayAlwaysInstrumentFiles.clear(); XRayAlwaysInstrumentFiles.clear();
XRayNeverInstrumentFiles.clear(); XRayNeverInstrumentFiles.clear();
CurrentModule.clear(); CurrentModule.clear();
IsHeaderFile = false; IsHeaderFile = false;
} }
bool LangOptions::isNoBuiltinFunc(StringRef FuncName) const { bool LangOptions::isNoBuiltinFunc(StringRef FuncName) const {
for (unsigned i = 0, e = NoBuiltinFuncs.size(); i != e; ++i) for (unsigned i = 0, e = NoBuiltinFuncs.size(); i != e; ++i)
if (FuncName.equals(NoBuiltinFuncs[i])) if (FuncName.equals(NoBuiltinFuncs[i]))
return true; return true;
return false; return false;
} }

lib/Basic/SanitizerBlacklist.cpp

Show All 9 Lines
// User-provided blacklist used to disable/alter instrumentation done in // User-provided blacklist used to disable/alter instrumentation done in
// sanitizers. // sanitizers.
// //
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
#include "clang/Basic/SanitizerBlacklist.h" #include "clang/Basic/SanitizerBlacklist.h"
using namespace clang; using namespace clang;
SanitizerBlacklist::SanitizerBlacklist( SanitizerBlacklistInfo::SanitizerBlacklistInfo(
const std::vector<std::string> &BlacklistPaths, SourceManager &SM) ArrayRef<SanitizerBlacklist> Blacklists, SourceManager &SM)
: SCL(llvm::SpecialCaseList::createOrDie(BlacklistPaths)), SM(SM) {} : SM(SM) {
for (const auto &SB : Blacklists)
BLs.emplace_back(SB.Sanitizers,
llvm::SpecialCaseList::createOrDie({SB.Path}));
}
bool SanitizerBlacklist::isBlacklistedGlobal(StringRef GlobalName, bool SanitizerBlacklistInfo::isBlacklisted(StringRef SectionName,
StringRef Ident, SanitizerMask Kind,
StringRef Category) const { StringRef Category) const {
return SCL->inSection("global", GlobalName, Category); for (const auto &BL : BLs)
if ((BL.Sanitizers & Kind) &&
BL.SCL->inSection(SectionName, Ident, Category))
return true;
return false;
} }
bool SanitizerBlacklist::isBlacklistedType(StringRef MangledTypeName, bool SanitizerBlacklistInfo::isBlacklistedGlobal(StringRef GlobalName,
SanitizerMask Kind,
StringRef Category) const { StringRef Category) const {
return SCL->inSection("type", MangledTypeName, Category); return isBlacklisted("global", GlobalName, Kind, Category);
} }
bool SanitizerBlacklist::isBlacklistedFunction(StringRef FunctionName) const { bool SanitizerBlacklistInfo::isBlacklistedType(StringRef MangledTypeName,
return SCL->inSection("fun", FunctionName); SanitizerMask Kind,
StringRef Category) const {
return isBlacklisted("type", MangledTypeName, Kind, Category);
} }
bool SanitizerBlacklist::isBlacklistedFile(StringRef FileName, bool SanitizerBlacklistInfo::isBlacklistedFunction(StringRef FunctionName,
SanitizerMask Kind) const {
return isBlacklisted("fun", FunctionName, Kind, StringRef());
}
bool SanitizerBlacklistInfo::isBlacklistedFile(StringRef FileName,
SanitizerMask Kind,
StringRef Category) const { StringRef Category) const {
return SCL->inSection("src", FileName, Category); return isBlacklisted("src", FileName, Kind, Category);
} }
bool SanitizerBlacklist::isBlacklistedLocation(SourceLocation Loc, bool SanitizerBlacklistInfo::isBlacklistedLocation(SourceLocation Loc,
SanitizerMask Kind,
StringRef Category) const { StringRef Category) const {
return Loc.isValid() && return Loc.isValid() &&
isBlacklistedFile(SM.getFilename(SM.getFileLoc(Loc)), Category); isBlacklistedFile(SM.getFilename(SM.getFileLoc(Loc)), Kind, Category);
} }

lib/CodeGen/CGClass.cpp

Show First 20 LinesShow All 2,599 Lines▼ Show 20 Linesvoid CodeGenFunction::EmitVTablePtrCheck(const CXXRecordDecl *RD,
llvm::Value *VTable, llvm::Value *VTable,
CFITypeCheckKind TCK, CFITypeCheckKind TCK,
SourceLocation Loc) { SourceLocation Loc) {
if (!CGM.getCodeGenOpts().SanitizeCfiCrossDso && if (!CGM.getCodeGenOpts().SanitizeCfiCrossDso &&
!CGM.HasHiddenLTOVisibility(RD)) !CGM.HasHiddenLTOVisibility(RD))
return; return;
std::string TypeName = RD->getQualifiedNameAsString(); std::string TypeName = RD->getQualifiedNameAsString();
if (getContext().getSanitizerBlacklist().isBlacklistedType(TypeName)) if (getContext().getSanitizerBlacklist().isBlacklistedType(
TypeName, SanitizerKind::CFI))
return; return;
SanitizerScope SanScope(this); SanitizerScope SanScope(this);
llvm::SanitizerStatKind SSK; llvm::SanitizerStatKind SSK;
switch (TCK) { switch (TCK) {
case CFITCK_VCall: case CFITCK_VCall:
SSK = llvm::SanStat_CFI_VCall; SSK = llvm::SanStat_CFI_VCall;
break; break;
▲ Show 20 LinesShow All 66 Lines▼ Show 20 Lines
bool CodeGenFunction::ShouldEmitVTableTypeCheckedLoad(const CXXRecordDecl *RD) { bool CodeGenFunction::ShouldEmitVTableTypeCheckedLoad(const CXXRecordDecl *RD) {
if (!CGM.getCodeGenOpts().WholeProgramVTables || if (!CGM.getCodeGenOpts().WholeProgramVTables ||
!SanOpts.has(SanitizerKind::CFIVCall) || !SanOpts.has(SanitizerKind::CFIVCall) ||
!CGM.getCodeGenOpts().SanitizeTrap.has(SanitizerKind::CFIVCall) || !CGM.getCodeGenOpts().SanitizeTrap.has(SanitizerKind::CFIVCall) ||
!CGM.HasHiddenLTOVisibility(RD)) !CGM.HasHiddenLTOVisibility(RD))
return false; return false;
std::string TypeName = RD->getQualifiedNameAsString(); std::string TypeName = RD->getQualifiedNameAsString();
return !getContext().getSanitizerBlacklist().isBlacklistedType(TypeName); return !getContext().getSanitizerBlacklist().isBlacklistedType(
TypeName, SanitizerKind::CFI);
} }
llvm::Value *CodeGenFunction::EmitVTableTypeCheckedLoad( llvm::Value *CodeGenFunction::EmitVTableTypeCheckedLoad(
const CXXRecordDecl *RD, llvm::Value *VTable, uint64_t VTableByteOffset) { const CXXRecordDecl *RD, llvm::Value *VTable, uint64_t VTableByteOffset) {
SanitizerScope SanScope(this); SanitizerScope SanScope(this);
EmitSanitizerStatReport(llvm::SanStat_CFI_VCall); EmitSanitizerStatReport(llvm::SanStat_CFI_VCall);
▲ Show 20 LinesShow All 199 LinesShow Last 20 Lines

lib/CodeGen/CGDeclCXX.cpp

Show First 20 LinesShow All 272 Lines▼ Show 20 Linesllvm::Function *CodeGenModule::CreateGlobalInitOrDestructFunction(
SetInternalFunctionAttributes(nullptr, Fn, FI); SetInternalFunctionAttributes(nullptr, Fn, FI);
Fn->setCallingConv(getRuntimeCC()); Fn->setCallingConv(getRuntimeCC());
if (!getLangOpts().Exceptions) if (!getLangOpts().Exceptions)
Fn->setDoesNotThrow(); Fn->setDoesNotThrow();
if (!isInSanitizerBlacklist(Fn, Loc)) { SanitizerMask ASanMask =
if (getLangOpts().Sanitize.hasOneOf(SanitizerKind::Address | SanitizerKind::Address | SanitizerKind::KernelAddress;
SanitizerKind::KernelAddress)) if (getLangOpts().Sanitize.hasOneOf(ASanMask))
if (!isInSanitizerBlacklist(ASanMask, Fn, Loc))
Fn->addFnAttr(llvm::Attribute::SanitizeAddress); Fn->addFnAttr(llvm::Attribute::SanitizeAddress);
if (getLangOpts().Sanitize.has(SanitizerKind::Thread)) if (getLangOpts().Sanitize.has(SanitizerKind::Thread))
if (!isInSanitizerBlacklist(SanitizerKind::Thread, Fn, Loc))
Fn->addFnAttr(llvm::Attribute::SanitizeThread); Fn->addFnAttr(llvm::Attribute::SanitizeThread);
if (getLangOpts().Sanitize.has(SanitizerKind::Memory)) if (getLangOpts().Sanitize.has(SanitizerKind::Memory))
if (!isInSanitizerBlacklist(SanitizerKind::Memory, Fn, Loc))
Fn->addFnAttr(llvm::Attribute::SanitizeMemory); Fn->addFnAttr(llvm::Attribute::SanitizeMemory);
if (getLangOpts().Sanitize.has(SanitizerKind::SafeStack)) if (getLangOpts().Sanitize.has(SanitizerKind::SafeStack))
if (!isInSanitizerBlacklist(SanitizerKind::SafeStack, Fn, Loc))
Fn->addFnAttr(llvm::Attribute::SafeStack); Fn->addFnAttr(llvm::Attribute::SafeStack);
}
return Fn; return Fn;
} }
/// Create a global pointer to a function that will initialize a global /// Create a global pointer to a function that will initialize a global
/// variable. The user has requested that this pointer be emitted in a specific /// variable. The user has requested that this pointer be emitted in a specific
/// section. /// section.
void CodeGenModule::EmitPointerToInitFunc(const VarDecl *D, void CodeGenModule::EmitPointerToInitFunc(const VarDecl *D,
▲ Show 20 LinesShow All 326 LinesShow Last 20 Lines

lib/CodeGen/CGExpr.cpp

Show First 20 LinesShow All 656 Lines▼ Show 20 Lines if (SanOpts.has(SanitizerKind::Vptr) &&
// being the implementation happens to be deterministic. // being the implementation happens to be deterministic.
SmallString<64> MangledName; SmallString<64> MangledName;
llvm::raw_svector_ostream Out(MangledName); llvm::raw_svector_ostream Out(MangledName);
CGM.getCXXABI().getMangleContext().mangleCXXRTTI(Ty.getUnqualifiedType(), CGM.getCXXABI().getMangleContext().mangleCXXRTTI(Ty.getUnqualifiedType(),
Out); Out);
// Blacklist based on the mangled type. // Blacklist based on the mangled type.
if (!CGM.getContext().getSanitizerBlacklist().isBlacklistedType( if (!CGM.getContext().getSanitizerBlacklist().isBlacklistedType(
Out.str())) { Out.str(), SanitizerKind::Vptr)) {
llvm::hash_code TypeHash = hash_value(Out.str()); llvm::hash_code TypeHash = hash_value(Out.str());
// Load the vptr, and compute hash_16_bytes(TypeHash, vptr). // Load the vptr, and compute hash_16_bytes(TypeHash, vptr).
llvm::Value *Low = llvm::ConstantInt::get(Int64Ty, TypeHash); llvm::Value *Low = llvm::ConstantInt::get(Int64Ty, TypeHash);
llvm::Type *VPtrTy = llvm::PointerType::get(IntPtrTy, 0); llvm::Type *VPtrTy = llvm::PointerType::get(IntPtrTy, 0);
Address VPtrAddr(Builder.CreateBitCast(Ptr, VPtrTy), getPointerAlign()); Address VPtrAddr(Builder.CreateBitCast(Ptr, VPtrTy), getPointerAlign());
llvm::Value *VPtrVal = Builder.CreateLoad(VPtrAddr); llvm::Value *VPtrVal = Builder.CreateLoad(VPtrAddr);
llvm::Value *High = Builder.CreateZExt(VPtrVal, Int64Ty); llvm::Value *High = Builder.CreateZExt(VPtrVal, Int64Ty);
▲ Show 20 LinesShow All 3,841 LinesShow Last 20 Lines

lib/CodeGen/CodeGenFunction.cpp

Show First 20 LinesShow All 727 Lines▼ Show 20 Lines if (const auto *FD = dyn_cast_or_null<FunctionDecl>(D))
if (FD->usesSEHTry()) if (FD->usesSEHTry())
CurSEHParent = FD; CurSEHParent = FD;
CurFuncDecl = (D ? D->getNonClosureContext() : nullptr); CurFuncDecl = (D ? D->getNonClosureContext() : nullptr);
FnRetTy = RetTy; FnRetTy = RetTy;
CurFn = Fn; CurFn = Fn;
CurFnInfo = &FnInfo; CurFnInfo = &FnInfo;
assert(CurFn->isDeclaration() && "Function already has body?"); assert(CurFn->isDeclaration() && "Function already has body?");
if (CGM.isInSanitizerBlacklist(Fn, Loc)) // If this function has been blacklisted for any of the enabled sanitizers,
SanOpts.clear(); // disable the sanitizer for the function.
do {
#define SANITIZER(NAME, ID) \
if (SanOpts.empty()) \
break; \
if (SanOpts.has(SanitizerKind::ID)) \
if (CGM.isInSanitizerBlacklist(SanitizerKind::ID, Fn, Loc)) \
SanOpts.set(SanitizerKind::ID, false);
#include "clang/Basic/Sanitizers.def"
#undef SANITIZER
} while (0);
if (D) { if (D) {
// Apply the no_sanitize* attributes to SanOpts. // Apply the no_sanitize* attributes to SanOpts.
for (auto Attr : D->specific_attrs<NoSanitizeAttr>()) for (auto Attr : D->specific_attrs<NoSanitizeAttr>())
SanOpts.Mask &= ~Attr->getMask(); SanOpts.Mask &= ~Attr->getMask();
} }
// Apply sanitizer attributes to the function. // Apply sanitizer attributes to the function.
▲ Show 20 LinesShow All 1,420 LinesShow Last 20 Lines

lib/CodeGen/CodeGenModule.h

Show First 20 LinesShow All 1,110 Lines▼ Show 20 Linespublic:
llvm::Constant *EmitAnnotateAttr(llvm::GlobalValue *GV, llvm::Constant *EmitAnnotateAttr(llvm::GlobalValue *GV,
const AnnotateAttr *AA, const AnnotateAttr *AA,
SourceLocation L); SourceLocation L);
/// Add global annotations that are set on D, for the global GV. Those /// Add global annotations that are set on D, for the global GV. Those
/// annotations are emitted during finalization of the LLVM code. /// annotations are emitted during finalization of the LLVM code.
void AddGlobalAnnotations(const ValueDecl *D, llvm::GlobalValue *GV); void AddGlobalAnnotations(const ValueDecl *D, llvm::GlobalValue *GV);
bool isInSanitizerBlacklist(llvm::Function *Fn, SourceLocation Loc) const; bool isInSanitizerBlacklist(SanitizerMask Kind, llvm::Function *Fn,
SourceLocation Loc) const;
bool isInSanitizerBlacklist(llvm::GlobalVariable *GV, SourceLocation Loc, bool isInSanitizerBlacklist(llvm::GlobalVariable *GV, SourceLocation Loc,
QualType Ty, QualType Ty,
StringRef Category = StringRef()) const; StringRef Category = StringRef()) const;
/// Imbue XRay attributes to a function, applying the always/never attribute /// Imbue XRay attributes to a function, applying the always/never attribute
/// lists in the process. Returns true if we did imbue attributes this way, /// lists in the process. Returns true if we did imbue attributes this way,
/// false otherwise. /// false otherwise.
▲ Show 20 LinesShow All 217 LinesShow Last 20 Lines

lib/CodeGen/CodeGenModule.cpp

Show First 20 LinesShow All 1,435 Lines▼ Show 20 Lines
void CodeGenModule::AddGlobalAnnotations(const ValueDecl *D, void CodeGenModule::AddGlobalAnnotations(const ValueDecl *D,
llvm::GlobalValue *GV) { llvm::GlobalValue *GV) {
assert(D->hasAttr<AnnotateAttr>() && "no annotate attribute"); assert(D->hasAttr<AnnotateAttr>() && "no annotate attribute");
// Get the struct elements for these annotations. // Get the struct elements for these annotations.
for (const auto *I : D->specific_attrs<AnnotateAttr>()) for (const auto *I : D->specific_attrs<AnnotateAttr>())
Annotations.push_back(EmitAnnotateAttr(GV, I, D->getLocation())); Annotations.push_back(EmitAnnotateAttr(GV, I, D->getLocation()));
} }
bool CodeGenModule::isInSanitizerBlacklist(llvm::Function *Fn, bool CodeGenModule::isInSanitizerBlacklist(SanitizerMask Kind,
llvm::Function *Fn,
SourceLocation Loc) const { SourceLocation Loc) const {
const auto &SanitizerBL = getContext().getSanitizerBlacklist(); const auto &SanitizerBL = getContext().getSanitizerBlacklist();
// Blacklist by function name. // Blacklist by function name.
if (SanitizerBL.isBlacklistedFunction(Fn->getName())) if (SanitizerBL.isBlacklistedFunction(Fn->getName(), Kind))
return true; return true;
// Blacklist by location. // Blacklist by location.
if (Loc.isValid()) if (Loc.isValid())
return SanitizerBL.isBlacklistedLocation(Loc); return SanitizerBL.isBlacklistedLocation(Loc, Kind);
// If location is unknown, this may be a compiler-generated function. Assume // If location is unknown, this may be a compiler-generated function. Assume
// it's located in the main file. // it's located in the main file.
auto &SM = Context.getSourceManager(); auto &SM = Context.getSourceManager();
if (const auto *MainFile = SM.getFileEntryForID(SM.getMainFileID())) { if (const auto *MainFile = SM.getFileEntryForID(SM.getMainFileID())) {
return SanitizerBL.isBlacklistedFile(MainFile->getName()); return SanitizerBL.isBlacklistedFile(MainFile->getName(), Kind);
} }
return false; return false;
} }
bool CodeGenModule::isInSanitizerBlacklist(llvm::GlobalVariable *GV, bool CodeGenModule::isInSanitizerBlacklist(llvm::GlobalVariable *GV,
SourceLocation Loc, QualType Ty, SourceLocation Loc, QualType Ty,
StringRef Category) const { StringRef Category) const {
// For now globals can be blacklisted only in ASan and KASan. // For now globals can be blacklisted only in ASan and KASan.
if (!LangOpts.Sanitize.hasOneOf( SanitizerMask ASanMask =
SanitizerKind::Address | SanitizerKind::KernelAddress)) SanitizerKind::Address | SanitizerKind::KernelAddress;
if (!LangOpts.Sanitize.hasOneOf(ASanMask))
return false; return false;
const auto &SanitizerBL = getContext().getSanitizerBlacklist(); const auto &SanitizerBL = getContext().getSanitizerBlacklist();
if (SanitizerBL.isBlacklistedGlobal(GV->getName(), Category)) if (SanitizerBL.isBlacklistedGlobal(GV->getName(), ASanMask, Category))
return true; return true;
if (SanitizerBL.isBlacklistedLocation(Loc, Category)) if (SanitizerBL.isBlacklistedLocation(Loc, ASanMask, Category))
return true; return true;
// Check global type. // Check global type.
if (!Ty.isNull()) { if (!Ty.isNull()) {
// Drill down the array types: if global variable of a fixed type is // Drill down the array types: if global variable of a fixed type is
// blacklisted, we also don't instrument arrays of them. // blacklisted, we also don't instrument arrays of them.
while (auto AT = dyn_cast<ArrayType>(Ty.getTypePtr())) while (auto AT = dyn_cast<ArrayType>(Ty.getTypePtr()))
Ty = AT->getElementType(); Ty = AT->getElementType();
Ty = Ty.getCanonicalType().getUnqualifiedType(); Ty = Ty.getCanonicalType().getUnqualifiedType();
// We allow to blacklist only record types (classes, structs etc.) // We allow to blacklist only record types (classes, structs etc.)
if (Ty->isRecordType()) { if (Ty->isRecordType()) {
std::string TypeStr = Ty.getAsString(getContext().getPrintingPolicy()); std::string TypeStr = Ty.getAsString(getContext().getPrintingPolicy());
if (SanitizerBL.isBlacklistedType(TypeStr, Category)) if (SanitizerBL.isBlacklistedType(TypeStr, ASanMask, Category))
return true; return true;
} }
} }
return false; return false;
} }
bool CodeGenModule::imbueXRayAttrs(llvm::Function *Fn, SourceLocation Loc, bool CodeGenModule::imbueXRayAttrs(llvm::Function *Fn, SourceLocation Loc,
StringRef Category) const { StringRef Category) const {
▲ Show 20 LinesShow All 2,915 LinesShow Last 20 Lines

lib/Driver/SanitizerArgs.cpp

Show First 20 LinesShow All 77 Lines▼ Show 20 Lines
/// a value in \p Mask. For instance, the argument /// a value in \p Mask. For instance, the argument
/// "-fsanitize=address,alignment" with mask \c NeedsUbsanRt would produce /// "-fsanitize=address,alignment" with mask \c NeedsUbsanRt would produce
/// "-fsanitize=alignment". /// "-fsanitize=alignment".
static std::string describeSanitizeArg(const llvm::opt::Arg *A, static std::string describeSanitizeArg(const llvm::opt::Arg *A,
SanitizerMask Mask); SanitizerMask Mask);
/// Produce a string containing comma-separated names of sanitizers in \p /// Produce a string containing comma-separated names of sanitizers in \p
/// Sanitizers set. /// Sanitizers set.
static std::string toString(const clang::SanitizerSet &Sanitizers); static std::string toString(SanitizerMask Kinds);
static std::string toString(SanitizerSet Sanitizers);
static bool getDefaultBlacklist(const Driver &D, SanitizerMask Kinds, /// Given the name of a sanitizer, produce the corresponding ordinal value.
std::string &BLPath) { static SanitizerMask toMask(StringRef SanitizerFlag);
const char *BlacklistFile = nullptr;
if (Kinds & Address) void SanitizerArgs::collectDefaultBlacklists(const Driver &D,
BlacklistFile = "asan_blacklist.txt"; SanitizerMask Kinds) {
else if (Kinds & Memory) const std::pair<SanitizerMask, const char *> Blacklists[] = {
BlacklistFile = "msan_blacklist.txt"; {Address, "asan_blacklist.txt"},
else if (Kinds & Thread) {Memory, "msan_blacklist.txt"},
BlacklistFile = "tsan_blacklist.txt"; {Thread, "tsan_blacklist.txt"},
else if (Kinds & DataFlow) {DataFlow, "dfsan_abilist.txt"},
BlacklistFile = "dfsan_abilist.txt"; {CFI, "cfi_blacklist.txt"}};
else if (Kinds & CFI)
BlacklistFile = "cfi_blacklist.txt"; for (const auto &BL : Blacklists) {
if (!(BL.first & Kinds))
continue;
if (BlacklistFile) {
clang::SmallString<64> Path(D.ResourceDir); clang::SmallString<64> Path(D.ResourceDir);
llvm::sys::path::append(Path, BlacklistFile); llvm::sys::path::append(Path, BL.second);
BLPath = Path.str(); if (llvm::sys::fs::exists(Path)) {
return true; SanitizerBlacklistFiles.push_back(Path.str());
SanitizerBlacklists.emplace_back(BL.first,
SanitizerBlacklistFiles.back());
}
} }
return false;
} }
/// Sets group bits for every group that has at least one representative already /// Sets group bits for every group that has at least one representative already
/// enabled in \p Kinds. /// enabled in \p Kinds.
static SanitizerMask setGroupBits(SanitizerMask Kinds) { static SanitizerMask setGroupBits(SanitizerMask Kinds) {
#define SANITIZER(NAME, ID) #define SANITIZER(NAME, ID)
#define SANITIZER_GROUP(NAME, ID, ALIAS) \ #define SANITIZER_GROUP(NAME, ID, ALIAS) \
if (Kinds & SanitizerKind::ID) \ if (Kinds & SanitizerKind::ID) \
▲ Show 20 LinesShow All 264 Lines▼ Show 20 Lines for (const auto *Arg : Args) {
} }
} }
RecoverableKinds &= Kinds; RecoverableKinds &= Kinds;
RecoverableKinds &= ~Unrecoverable; RecoverableKinds &= ~Unrecoverable;
TrappingKinds &= Kinds; TrappingKinds &= Kinds;
// Setup blacklist files. // Setup blacklist files.
// Add default blacklist from resource directory. collectDefaultBlacklists(D, Kinds);
{
std::string BLPath;
if (getDefaultBlacklist(D, Kinds, BLPath) && llvm::sys::fs::exists(BLPath))
BlacklistFiles.push_back(BLPath);
}
// Parse -f(no-)sanitize-blacklist options. // Parse -f(no-)sanitize-blacklist options.
for (const auto *Arg : Args) { for (const auto *Arg : Args) {
if (Arg->getOption().matches(options::OPT_fsanitize_blacklist)) { if (Arg->getOption().matches(options::OPT_fsanitize_blacklist)) {
Arg->claim(); Arg->claim();
std::string BLPath = Arg->getValue(); std::string BLPath = Arg->getValue();
if (llvm::sys::fs::exists(BLPath)) { if (llvm::sys::fs::exists(BLPath)) {
BlacklistFiles.push_back(BLPath); SanitizerBlacklistFiles.push_back(BLPath);
ExtraDeps.push_back(BLPath); SanitizerBlacklists.emplace_back(All, SanitizerBlacklistFiles.back());
ExtraDeps.emplace_back(SanitizerBlacklistFiles.back());
} else } else
D.Diag(clang::diag::err_drv_no_such_file) << BLPath; D.Diag(clang::diag::err_drv_no_such_file) << BLPath;
} else if (Arg->getOption().matches(options::OPT_fno_sanitize_blacklist)) { } else if (Arg->getOption().matches(options::OPT_fno_sanitize_blacklist)) {
Arg->claim(); Arg->claim();
BlacklistFiles.clear(); SanitizerBlacklistFiles.clear();
SanitizerBlacklists.clear();
ExtraDeps.clear(); ExtraDeps.clear();
} }
} }
// Validate blacklists format. // Validate blacklists format.
{ {
std::string BLError; std::string BLError;
std::unique_ptr<llvm::SpecialCaseList> SCL( std::unique_ptr<llvm::SpecialCaseList> SCL(
llvm::SpecialCaseList::create(BlacklistFiles, BLError)); llvm::SpecialCaseList::create(SanitizerBlacklistFiles, BLError));
if (!SCL.get()) if (!SCL.get())
D.Diag(clang::diag::err_drv_malformed_sanitizer_blacklist) << BLError; D.Diag(clang::diag::err_drv_malformed_sanitizer_blacklist) << BLError;
} }
// Parse -f[no-]sanitize-memory-track-origins[=level] options. // Parse -f[no-]sanitize-memory-track-origins[=level] options.
if (AllAddedKinds & Memory) { if (AllAddedKinds & Memory) {
if (Arg *A = if (Arg *A =
Args.getLastArg(options::OPT_fsanitize_memory_track_origins_EQ, Args.getLastArg(options::OPT_fsanitize_memory_track_origins_EQ,
▲ Show 20 LinesShow All 142 Lines▼ Show 20 Lines LinkCXXRuntimes =
Args.hasArg(options::OPT_fsanitize_link_cxx_runtime) || D.CCCIsCXX(); Args.hasArg(options::OPT_fsanitize_link_cxx_runtime) || D.CCCIsCXX();
// Finally, initialize the set of available and recoverable sanitizers. // Finally, initialize the set of available and recoverable sanitizers.
Sanitizers.Mask |= Kinds; Sanitizers.Mask |= Kinds;
RecoverableSanitizers.Mask |= RecoverableKinds; RecoverableSanitizers.Mask |= RecoverableKinds;
TrapSanitizers.Mask |= TrappingKinds; TrapSanitizers.Mask |= TrappingKinds;
} }
static std::string toString(const clang::SanitizerSet &Sanitizers) { static std::string toString(SanitizerMask Kinds) {
std::string Res; std::string Res;
#define SANITIZER(NAME, ID) \ #define SANITIZER(NAME, ID) \
if (Sanitizers.has(ID)) { \ if (Kinds & ID) { \
if (!Res.empty()) \ if (!Res.empty()) \
Res += ","; \ Res += ","; \
Res += NAME; \ Res += NAME; \
} }
#include "clang/Basic/Sanitizers.def" #include "clang/Basic/Sanitizers.def"
#undef SANITIZER
return Res; return Res;
} }
static std::string toString(SanitizerSet Sanitizers) {
return toString(Sanitizers.Mask);
}
static SanitizerMask toMask(StringRef SanitizerFlag) {
#define SANITIZER(NAME, ID) \
if (SanitizerFlag == NAME) \
return ID;
#include "clang/Basic/Sanitizers.def"
#undef SANITIZER
return SanitizerMask();
}
static void addIncludeLinkerOption(const ToolChain &TC, static void addIncludeLinkerOption(const ToolChain &TC,
const llvm::opt::ArgList &Args, const llvm::opt::ArgList &Args,
llvm::opt::ArgStringList &CmdArgs, llvm::opt::ArgStringList &CmdArgs,
StringRef SymbolName) { StringRef SymbolName) {
SmallString<64> LinkerOptionFlag; SmallString<64> LinkerOptionFlag;
LinkerOptionFlag = "--linker-option=/include:"; LinkerOptionFlag = "--linker-option=/include:";
if (TC.getTriple().getArch() == llvm::Triple::x86) { if (TC.getTriple().getArch() == llvm::Triple::x86) {
// Win32 mangles C function names with a '_' prefix. // Win32 mangles C function names with a '_' prefix.
LinkerOptionFlag += '_'; LinkerOptionFlag += '_';
} }
LinkerOptionFlag += SymbolName; LinkerOptionFlag += SymbolName;
CmdArgs.push_back(Args.MakeArgString(LinkerOptionFlag)); CmdArgs.push_back(Args.MakeArgString(LinkerOptionFlag));
} }
std::string SanitizerArgs::encodeBlacklistArg(const SanitizerBlacklist &SB) {
return toString(SB.Sanitizers) + ":" + SB.Path.str();
}
bool SanitizerArgs::decodeBlacklistArg(const std::string &Arg,
SanitizerMask &Kinds,
std::string &Path) {
StringRef LHS, RHS;
std::tie(LHS, RHS) = StringRef(Arg).split(':');
if (LHS.empty() || RHS.empty())
return false;
SmallVector<StringRef, 4> Sanitizers;
LHS.split(Sanitizers, ',', /*MaxSplit=*/-1, /*KeepEmpty=*/false);
if (Sanitizers.empty())
return false;
for (StringRef Sanitizer : Sanitizers) {
if (SanitizerMask Kind = toMask(Sanitizer))
Kinds |= Kind;
else
return false;
}
Path = RHS.str();
return true;
}
void SanitizerArgs::addArgs(const ToolChain &TC, const llvm::opt::ArgList &Args, void SanitizerArgs::addArgs(const ToolChain &TC, const llvm::opt::ArgList &Args,
llvm::opt::ArgStringList &CmdArgs, llvm::opt::ArgStringList &CmdArgs,
types::ID InputType) const { types::ID InputType) const {
// NVPTX doesn't currently support sanitizers. Bailing out here means that // NVPTX doesn't currently support sanitizers. Bailing out here means that
// e.g. -fsanitize=address applies only to host code, which is what we want // e.g. -fsanitize=address applies only to host code, which is what we want
// for now. // for now.
if (TC.getTriple().isNVPTX()) if (TC.getTriple().isNVPTX())
return; return;
▲ Show 20 LinesShow All 47 Lines▼ Show 20 Linesvoid SanitizerArgs::addArgs(const ToolChain &TC, const llvm::opt::ArgList &Args,
if (!RecoverableSanitizers.empty()) if (!RecoverableSanitizers.empty())
CmdArgs.push_back(Args.MakeArgString("-fsanitize-recover=" + CmdArgs.push_back(Args.MakeArgString("-fsanitize-recover=" +
toString(RecoverableSanitizers))); toString(RecoverableSanitizers)));
if (!TrapSanitizers.empty()) if (!TrapSanitizers.empty())
CmdArgs.push_back( CmdArgs.push_back(
Args.MakeArgString("-fsanitize-trap=" + toString(TrapSanitizers))); Args.MakeArgString("-fsanitize-trap=" + toString(TrapSanitizers)));
for (const auto &BLPath : BlacklistFiles) { for (const auto &SB : SanitizerBlacklists) {
SmallString<64> BlacklistOpt("-fsanitize-blacklist="); SmallString<64> BlacklistOpt("-fsanitize-blacklist=");
BlacklistOpt += BLPath; BlacklistOpt += encodeBlacklistArg(SB);
CmdArgs.push_back(Args.MakeArgString(BlacklistOpt)); CmdArgs.push_back(Args.MakeArgString(BlacklistOpt));
} }
for (const auto &Dep : ExtraDeps) { for (const auto &Dep : ExtraDeps) {
SmallString<64> ExtraDepOpt("-fdepfile-entry="); SmallString<64> ExtraDepOpt("-fdepfile-entry=");
ExtraDepOpt += Dep; ExtraDepOpt += Dep;
CmdArgs.push_back(Args.MakeArgString(ExtraDepOpt)); CmdArgs.push_back(Args.MakeArgString(ExtraDepOpt));
} }
▲ Show 20 LinesShow All 153 LinesShow Last 20 Lines

lib/Frontend/CompilerInvocation.cpp

Show All 9 Lines
#include "clang/Frontend/CompilerInvocation.h" #include "clang/Frontend/CompilerInvocation.h"
#include "TestModuleFileExtension.h" #include "TestModuleFileExtension.h"
#include "clang/Basic/Builtins.h" #include "clang/Basic/Builtins.h"
#include "clang/Basic/FileManager.h" #include "clang/Basic/FileManager.h"
#include "clang/Basic/Version.h" #include "clang/Basic/Version.h"
#include "clang/Config/config.h" #include "clang/Config/config.h"
#include "clang/Driver/DriverDiagnostic.h" #include "clang/Driver/DriverDiagnostic.h"
#include "clang/Driver/Options.h" #include "clang/Driver/Options.h"
#include "clang/Driver/SanitizerArgs.h"
#include "clang/Driver/Util.h" #include "clang/Driver/Util.h"
#include "clang/Frontend/FrontendDiagnostic.h" #include "clang/Frontend/FrontendDiagnostic.h"
#include "clang/Frontend/LangStandard.h" #include "clang/Frontend/LangStandard.h"
#include "clang/Frontend/Utils.h" #include "clang/Frontend/Utils.h"
#include "clang/Lex/HeaderSearchOptions.h" #include "clang/Lex/HeaderSearchOptions.h"
#include "clang/Lex/PreprocessorOptions.h" #include "clang/Lex/PreprocessorOptions.h"
#include "clang/Serialization/ASTReader.h" #include "clang/Serialization/ASTReader.h"
#include "clang/Serialization/ModuleFileExtension.h" #include "clang/Serialization/ModuleFileExtension.h"
▲ Show 20 LinesShow All 361 Lines▼ Show 20 Lines for (const auto &Sanitizer : Sanitizers) {
SanitizerMask K = parseSanitizerValue(Sanitizer, /*AllowGroups=*/false); SanitizerMask K = parseSanitizerValue(Sanitizer, /*AllowGroups=*/false);
if (K == 0) if (K == 0)
Diags.Report(diag::err_drv_invalid_value) << FlagName << Sanitizer; Diags.Report(diag::err_drv_invalid_value) << FlagName << Sanitizer;
else else
S.set(K, true); S.set(K, true);
} }
} }
static void
parseSanitizerBlacklists(StringRef FlagName, LangOptions &Opts,
const std::vector<std::string> &BlacklistArgs,
DiagnosticsEngine &Diags) {
for (const std::string &BA : BlacklistArgs) {
SanitizerMask Kind;
std::string Path;
if (!SanitizerArgs::decodeBlacklistArg(BA, Kind, Path)) {
Diags.Report(diag::err_drv_invalid_value) << FlagName << BA;
continue;
}
Opts.SanitizerBlacklistFiles.emplace_back(std::move(Path));
Opts.SanitizerBlacklists.emplace_back(Kind,
Opts.SanitizerBlacklistFiles.back());
}
}
// Set the profile kind for fprofile-instrument. // Set the profile kind for fprofile-instrument.
static void setPGOInstrumentor(CodeGenOptions &Opts, ArgList &Args, static void setPGOInstrumentor(CodeGenOptions &Opts, ArgList &Args,
DiagnosticsEngine &Diags) { DiagnosticsEngine &Diags) {
Arg *A = Args.getLastArg(OPT_fprofile_instrument_EQ); Arg *A = Args.getLastArg(OPT_fprofile_instrument_EQ);
if (A == nullptr) if (A == nullptr)
return; return;
StringRef S = A->getValue(); StringRef S = A->getValue();
unsigned I = llvm::StringSwitch<unsigned>(S) unsigned I = llvm::StringSwitch<unsigned>(S)
▲ Show 20 LinesShow All 1,938 Lines▼ Show 20 Lines#include "clang/Frontend/LangStandards.def"
} }
// Parse -fsanitize= arguments. // Parse -fsanitize= arguments.
parseSanitizerKinds("-fsanitize=", Args.getAllArgValues(OPT_fsanitize_EQ), parseSanitizerKinds("-fsanitize=", Args.getAllArgValues(OPT_fsanitize_EQ),
Diags, Opts.Sanitize); Diags, Opts.Sanitize);
// -fsanitize-address-field-padding=N has to be a LangOpt, parse it here. // -fsanitize-address-field-padding=N has to be a LangOpt, parse it here.
Opts.SanitizeAddressFieldPadding = Opts.SanitizeAddressFieldPadding =
getLastArgIntValue(Args, OPT_fsanitize_address_field_padding, 0, Diags); getLastArgIntValue(Args, OPT_fsanitize_address_field_padding, 0, Diags);
Opts.SanitizerBlacklistFiles = Args.getAllArgValues(OPT_fsanitize_blacklist); parseSanitizerBlacklists("-fsanitize-blacklist", Opts,
Args.getAllArgValues(OPT_fsanitize_blacklist),
Diags);
// -fxray-instrument // -fxray-instrument
Opts.XRayInstrument = Opts.XRayInstrument =
Args.hasFlag(OPT_fxray_instrument, OPT_fnoxray_instrument, false); Args.hasFlag(OPT_fxray_instrument, OPT_fnoxray_instrument, false);
// -fxray-{always,never}-instrument= filenames. // -fxray-{always,never}-instrument= filenames.
Opts.XRayAlwaysInstrumentFiles = Opts.XRayAlwaysInstrumentFiles =
Args.getAllArgValues(OPT_fxray_always_instrument); Args.getAllArgValues(OPT_fxray_always_instrument);
▲ Show 20 LinesShow All 414 LinesShow Last 20 Lines

test/CodeGen/address-safety-attr.cpp

int DefinedInDifferentFile(int *a); int DefinedInDifferentFile(int *a);
// RUN: echo "int DefinedInDifferentFile(int *a) { return *a; }" > %t.extra-source.cpp // RUN: echo "int DefinedInDifferentFile(int *a) { return *a; }" > %t.extra-source.cpp
// RUN: echo "struct S { S(){} ~S(){} };" >> %t.extra-source.cpp // RUN: echo "struct S { S(){} ~S(){} };" >> %t.extra-source.cpp
// RUN: echo "S glob_array[5];" >> %t.extra-source.cpp // RUN: echo "S glob_array[5];" >> %t.extra-source.cpp
// RUN: %clang_cc1 -std=c++11 -triple x86_64-apple-darwin -emit-llvm -o - %s -include %t.extra-source.cpp | FileCheck -check-prefix=WITHOUT %s // RUN: %clang_cc1 -std=c++11 -triple x86_64-apple-darwin -emit-llvm -o - %s -include %t.extra-source.cpp | FileCheck -check-prefix=WITHOUT %s
// RUN: %clang_cc1 -std=c++11 -triple x86_64-apple-darwin -emit-llvm -o - %s -include %t.extra-source.cpp -fsanitize=address | FileCheck -check-prefix=ASAN %s // RUN: %clang_cc1 -std=c++11 -triple x86_64-apple-darwin -emit-llvm -o - %s -include %t.extra-source.cpp -fsanitize=address | FileCheck -check-prefix=ASAN %s
// RUN: echo "fun:*BlacklistedFunction*" > %t.func.blacklist // RUN: echo "fun:*BlacklistedFunction*" > %t.func.blacklist
// RUN: %clang_cc1 -std=c++11 -triple x86_64-apple-darwin -emit-llvm -o - %s -include %t.extra-source.cpp -fsanitize=address -fsanitize-blacklist=%t.func.blacklist | FileCheck -check-prefix=BLFUNC %s // RUN: %clang_cc1 -std=c++11 -triple x86_64-apple-darwin -emit-llvm -o - %s -include %t.extra-source.cpp -fsanitize=address -fsanitize-blacklist=address:%t.func.blacklist | FileCheck -check-prefix=BLFUNC %s
// The blacklist file uses regexps, so escape backslashes, which are common in // The blacklist file uses regexps, so escape backslashes, which are common in
// Windows paths. // Windows paths.
// RUN: echo "src:%s" | sed -e 's/\\/\\\\/g' > %t.file.blacklist // RUN: echo "src:%s" | sed -e 's/\\/\\\\/g' > %t.file.blacklist
// RUN: %clang_cc1 -std=c++11 -triple x86_64-apple-darwin -emit-llvm -o - %s -include %t.extra-source.cpp -fsanitize=address -fsanitize-blacklist=%t.file.blacklist | FileCheck -check-prefix=BLFILE %s // RUN: %clang_cc1 -std=c++11 -triple x86_64-apple-darwin -emit-llvm -o - %s -include %t.extra-source.cpp -fsanitize=address -fsanitize-blacklist=address:%t.file.blacklist | FileCheck -check-prefix=BLFILE %s
// The sanitize_address attribute should be attached to functions // The sanitize_address attribute should be attached to functions
// when AddressSanitizer is enabled, unless no_sanitize_address attribute // when AddressSanitizer is enabled, unless no_sanitize_address attribute
// is present. // is present.
// Attributes for function defined in different source file: // Attributes for function defined in different source file:
// WITHOUT: DefinedInDifferentFile{{.*}} [[NOATTR:#[0-9]+]] // WITHOUT: DefinedInDifferentFile{{.*}} [[NOATTR:#[0-9]+]]
// BLFILE: DefinedInDifferentFile{{.*}} [[WITH:#[0-9]+]] // BLFILE: DefinedInDifferentFile{{.*}} [[WITH:#[0-9]+]]
▲ Show 20 LinesShow All 132 LinesShow Last 20 Lines

test/CodeGen/asan-globals.cpp

// RUN: echo "int extra_global;" > %t.extra-source.cpp // RUN: echo "int extra_global;" > %t.extra-source.cpp
// RUN: echo "global:*blacklisted_global*" > %t.blacklist // RUN: echo "global:*blacklisted_global*" > %t.blacklist
// RUN: %clang_cc1 -include %t.extra-source.cpp -fsanitize=address -fsanitize-blacklist=%t.blacklist -emit-llvm -o - %s | FileCheck %s // RUN: %clang_cc1 -include %t.extra-source.cpp -fsanitize=address -fsanitize-blacklist=address:%t.blacklist -emit-llvm -o - %s | FileCheck %s
// The blacklist file uses regexps, so Windows path backslashes. // The blacklist file uses regexps, so Windows path backslashes.
// RUN: echo "src:%s" | sed -e 's/\\/\\\\/g' > %t.blacklist-src // RUN: echo "src:%s" | sed -e 's/\\/\\\\/g' > %t.blacklist-src
// RUN: %clang_cc1 -include %t.extra-source.cpp -fsanitize=address -fsanitize-blacklist=%t.blacklist-src -emit-llvm -o - %s | FileCheck %s --check-prefix=BLACKLIST-SRC // RUN: %clang_cc1 -include %t.extra-source.cpp -fsanitize=address -fsanitize-blacklist=address:%t.blacklist-src -emit-llvm -o - %s | FileCheck %s --check-prefix=BLACKLIST-SRC
int global; int global;
int dyn_init_global = global; int dyn_init_global = global;
int __attribute__((no_sanitize("address"))) attributed_global; int __attribute__((no_sanitize("address"))) attributed_global;
int blacklisted_global; int blacklisted_global;
void func() { void func() {
static int static_var = 0; static int static_var = 0;
Show All 26 Lines

test/CodeGen/sanitize-address-field-padding.cpp

// Test -fsanitize-address-field-padding // Test -fsanitize-address-field-padding
// RUN: echo 'type:SomeNamespace::BlacklistedByName=field-padding' > %t.type.blacklist // RUN: echo 'type:SomeNamespace::BlacklistedByName=field-padding' > %t.type.blacklist
// RUN: echo 'src:*sanitize-address-field-padding.cpp=field-padding' > %t.file.blacklist // RUN: echo 'src:*sanitize-address-field-padding.cpp=field-padding' > %t.file.blacklist
// RUN: %clang_cc1 -triple x86_64-unknown-unknown -fsanitize=address -fsanitize-address-field-padding=1 -fsanitize-blacklist=%t.type.blacklist -Rsanitize-address -emit-llvm -o - %s 2>&1 | FileCheck %s // RUN: %clang_cc1 -triple x86_64-unknown-unknown -fsanitize=address -fsanitize-address-field-padding=1 -fsanitize-blacklist=address:%t.type.blacklist -Rsanitize-address -emit-llvm -o - %s 2>&1 | FileCheck %s
// RUN: %clang_cc1 -triple x86_64-unknown-unknown -fsanitize=address -fsanitize-address-field-padding=1 -fsanitize-blacklist=%t.type.blacklist -Rsanitize-address -emit-llvm -o - %s -O1 -mconstructor-aliases 2>&1 | FileCheck %s --check-prefix=WITH_CTOR_ALIASES // RUN: %clang_cc1 -triple x86_64-unknown-unknown -fsanitize=address -fsanitize-address-field-padding=1 -fsanitize-blacklist=address:%t.type.blacklist -Rsanitize-address -emit-llvm -o - %s -O1 -mconstructor-aliases 2>&1 | FileCheck %s --check-prefix=WITH_CTOR_ALIASES
// RUN: %clang_cc1 -triple x86_64-unknown-unknown -fsanitize=address -fsanitize-address-field-padding=1 -fsanitize-blacklist=%t.file.blacklist -Rsanitize-address -emit-llvm -o - %s 2>&1 | FileCheck %s --check-prefix=FILE_BLACKLIST // RUN: %clang_cc1 -triple x86_64-unknown-unknown -fsanitize=address -fsanitize-address-field-padding=1 -fsanitize-blacklist=address:%t.file.blacklist -Rsanitize-address -emit-llvm -o - %s 2>&1 | FileCheck %s --check-prefix=FILE_BLACKLIST
// RUN: %clang_cc1 -fsanitize=address -emit-llvm -o - %s 2>&1 | FileCheck %s --check-prefix=NO_PADDING // RUN: %clang_cc1 -fsanitize=address -emit-llvm -o - %s 2>&1 | FileCheck %s --check-prefix=NO_PADDING
// Try to emulate -save-temps option and make sure -disable-llvm-passes will not run sanitize instrumentation. // Try to emulate -save-temps option and make sure -disable-llvm-passes will not run sanitize instrumentation.
// RUN: %clang_cc1 -fsanitize=address -emit-llvm -disable-llvm-passes -o - %s | %clang_cc1 -fsanitize=address -emit-llvm -o - -x ir | FileCheck %s --check-prefix=NO_PADDING // RUN: %clang_cc1 -fsanitize=address -emit-llvm -disable-llvm-passes -o - %s | %clang_cc1 -fsanitize=address -emit-llvm -o - -x ir | FileCheck %s --check-prefix=NO_PADDING
// //
// The reasons to ignore a particular class are not set in stone and will change. // The reasons to ignore a particular class are not set in stone and will change.
// //
// CHECK: -fsanitize-address-field-padding applied to Positive1 // CHECK: -fsanitize-address-field-padding applied to Positive1
▲ Show 20 LinesShow All 225 LinesShow Last 20 Lines

test/CodeGen/sanitize-init-order.cpp

// RUN: %clang_cc1 -fsanitize=address -emit-llvm -o - %s | FileCheck %s // RUN: %clang_cc1 -fsanitize=address -emit-llvm -o - %s | FileCheck %s
// Test blacklist functionality. // Test blacklist functionality.
// RUN: echo "src:%s=init" | sed -e 's/\\/\\\\/g' > %t-file.blacklist // RUN: echo "src:%s=init" | sed -e 's/\\/\\\\/g' > %t-file.blacklist
// RUN: echo "type:PODWithCtorAndDtor=init" > %t-type.blacklist // RUN: echo "type:PODWithCtorAndDtor=init" > %t-type.blacklist
// RUN: echo "type:NS::PODWithCtor=init" >> %t-type.blacklist // RUN: echo "type:NS::PODWithCtor=init" >> %t-type.blacklist
// RUN: %clang_cc1 -fsanitize=address -fsanitize-blacklist=%t-file.blacklist -emit-llvm -o - %s | FileCheck %s --check-prefix=BLACKLIST // RUN: %clang_cc1 -fsanitize=address -fsanitize-blacklist=address:%t-file.blacklist -emit-llvm -o - %s | FileCheck %s --check-prefix=BLACKLIST
// RUN: %clang_cc1 -fsanitize=address -fsanitize-blacklist=%t-type.blacklist -emit-llvm -o - %s | FileCheck %s --check-prefix=BLACKLIST // RUN: %clang_cc1 -fsanitize=address -fsanitize-blacklist=address:%t-type.blacklist -emit-llvm -o - %s | FileCheck %s --check-prefix=BLACKLIST
struct PODStruct { struct PODStruct {
int x; int x;
}; };
PODStruct s1; PODStruct s1;
struct PODWithDtor { struct PODWithDtor {
~PODWithDtor() { } ~PODWithDtor() { }
Show All 33 Lines

test/CodeGen/sanitize-thread-attr.cpp

// RUN: %clang_cc1 -triple x86_64-apple-darwin -emit-llvm -o - %s | FileCheck -check-prefix=WITHOUT %s // RUN: %clang_cc1 -triple x86_64-apple-darwin -emit-llvm -o - %s | FileCheck -check-prefix=WITHOUT %s
// RUN: %clang_cc1 -triple x86_64-apple-darwin -emit-llvm -o - %s -fsanitize=thread | FileCheck -check-prefix=TSAN %s // RUN: %clang_cc1 -triple x86_64-apple-darwin -emit-llvm -o - %s -fsanitize=thread | FileCheck -check-prefix=TSAN %s
// RUN: echo "src:%s" | sed -e 's/\\/\\\\/g' > %t // RUN: echo "src:%s" | sed -e 's/\\/\\\\/g' > %t
// RUN: %clang_cc1 -triple x86_64-apple-darwin -emit-llvm -o - %s -fsanitize=thread -fsanitize-blacklist=%t | FileCheck -check-prefix=BL %s // RUN: %clang_cc1 -triple x86_64-apple-darwin -emit-llvm -o - %s -fsanitize=thread -fsanitize-blacklist=thread:%t | FileCheck -check-prefix=BL %s
// The sanitize_thread attribute should be attached to functions // The sanitize_thread attribute should be attached to functions
// when ThreadSanitizer is enabled, unless no_sanitize_thread attribute // when ThreadSanitizer is enabled, unless no_sanitize_thread attribute
// is present. // is present.
// WITHOUT: NoTSAN1{{.*}}) [[NOATTR:#[0-9]+]] // WITHOUT: NoTSAN1{{.*}}) [[NOATTR:#[0-9]+]]
// BL: NoTSAN1{{.*}}) [[NOATTR:#[0-9]+]] // BL: NoTSAN1{{.*}}) [[NOATTR:#[0-9]+]]
// TSAN: NoTSAN1{{.*}}) [[NOATTR:#[0-9]+]] // TSAN: NoTSAN1{{.*}}) [[NOATTR:#[0-9]+]]
▲ Show 20 LinesShow All 50 LinesShow Last 20 Lines

test/CodeGen/ubsan-blacklist.c

// Verify ubsan doesn't emit checks for blacklisted functions and files // Verify ubsan doesn't emit checks for blacklisted functions and files
// RUN: echo "fun:hash" > %t-func.blacklist // RUN: echo "fun:hash" > %t-func.blacklist
// RUN: echo "src:%s" | sed -e 's/\\/\\\\/g' > %t-file.blacklist // RUN: echo "src:%s" | sed -e 's/\\/\\\\/g' > %t-file.blacklist
// RUN: %clang_cc1 -fsanitize=unsigned-integer-overflow -emit-llvm %s -o - | FileCheck %s --check-prefix=DEFAULT // RUN: %clang_cc1 -fsanitize=unsigned-integer-overflow -emit-llvm %s -o - | FileCheck %s --check-prefix=DEFAULT
// RUN: %clang_cc1 -fsanitize=unsigned-integer-overflow -fsanitize-blacklist=%t-func.blacklist -emit-llvm %s -o - | FileCheck %s --check-prefix=FUNC // RUN: %clang_cc1 -fsanitize=unsigned-integer-overflow -fsanitize-blacklist=unsigned-integer-overflow:%t-func.blacklist -emit-llvm %s -o - | FileCheck %s --check-prefix=FUNC
// RUN: %clang_cc1 -fsanitize=unsigned-integer-overflow -fsanitize-blacklist=%t-file.blacklist -emit-llvm %s -o - | FileCheck %s --check-prefix=FILE // RUN: %clang_cc1 -fsanitize=unsigned-integer-overflow -fsanitize-blacklist=unsigned-integer-overflow:%t-file.blacklist -emit-llvm %s -o - | FileCheck %s --check-prefix=FILE
unsigned i; unsigned i;
// DEFAULT: @hash // DEFAULT: @hash
// FUNC: @hash // FUNC: @hash
// FILE: @hash // FILE: @hash
unsigned hash() { unsigned hash() {
// DEFAULT: call {{.*}}void @__ubsan // DEFAULT: call {{.*}}void @__ubsan
Show All 14 Lines

test/CodeGen/ubsan-type-blacklist.cpp

// Verify ubsan vptr does not check down-casts on blacklisted types. // Verify ubsan vptr does not check down-casts on blacklisted types.
// RUN: echo "type:_ZTI3Foo" > %t-type.blacklist // RUN: echo "type:_ZTI3Foo" > %t-type.blacklist
// RUN: %clang_cc1 -triple x86_64-linux-gnu -fsanitize=vptr -fsanitize-recover=vptr -emit-llvm %s -o - | FileCheck %s --check-prefix=DEFAULT // RUN: %clang_cc1 -triple x86_64-linux-gnu -fsanitize=vptr -fsanitize-recover=vptr -emit-llvm %s -o - | FileCheck %s --check-prefix=DEFAULT
// RUN: %clang_cc1 -triple x86_64-linux-gnu -fsanitize=vptr -fsanitize-recover=vptr -fsanitize-blacklist=%t-type.blacklist -emit-llvm %s -o - | FileCheck %s --check-prefix=TYPE // RUN: %clang_cc1 -triple x86_64-linux-gnu -fsanitize=vptr -fsanitize-recover=vptr -fsanitize-blacklist=vptr:%t-type.blacklist -emit-llvm %s -o - | FileCheck %s --check-prefix=TYPE
class Bar { class Bar {
public: public:
virtual ~Bar() {} virtual ~Bar() {}
}; };
class Foo : public Bar {}; class Foo : public Bar {};
Bar bar; Bar bar;
Show All 11 Lines

test/CodeGenCXX/cfi-blacklist.cpp

// RUN: %clang_cc1 -triple %itanium_abi_triple -fvisibility hidden -fms-extensions -fsanitize=cfi-vcall -emit-llvm -o - %s | FileCheck --check-prefix=CHECK --check-prefix=NOBL %s // RUN: %clang_cc1 -triple %itanium_abi_triple -fvisibility hidden -fms-extensions -fsanitize=cfi-vcall -emit-llvm -o - %s | FileCheck --check-prefix=CHECK --check-prefix=NOBL %s
// RUN: echo "type:std::*" > %t.txt // RUN: echo "type:std::*" > %t.txt
// RUN: %clang_cc1 -triple %itanium_abi_triple -fvisibility hidden -fms-extensions -fsanitize=cfi-vcall -fsanitize-blacklist=%t.txt -emit-llvm -o - %s | FileCheck --check-prefix=CHECK --check-prefix=NOSTD %s // RUN: %clang_cc1 -triple %itanium_abi_triple -fvisibility hidden -fms-extensions -fsanitize=cfi-vcall -fsanitize-blacklist=cfi-vcall:%t.txt -emit-llvm -o - %s | FileCheck --check-prefix=CHECK --check-prefix=NOSTD %s
struct S1 { struct S1 {
virtual void f(); virtual void f();
}; };
namespace std { namespace std {
struct S2 { struct S2 {
Show All 18 Lines

test/Driver/Inputs/resource_dir/cfi_blacklist.txt

  • This file was added.
This is an empty file.

test/Driver/fsanitize-blacklist.c

Show All 14 Lines
// RUN: %clang -target x86_64-linux-gnu -fsanitize=address -fsanitize-blacklist=%t.good -fsanitize-blacklist=%t.second %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-BLACKLIST // RUN: %clang -target x86_64-linux-gnu -fsanitize=address -fsanitize-blacklist=%t.good -fsanitize-blacklist=%t.second %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-BLACKLIST
// CHECK-BLACKLIST: -fsanitize-blacklist={{.*}}.good" "-fsanitize-blacklist={{.*}}.second // CHECK-BLACKLIST: -fsanitize-blacklist={{.*}}.good" "-fsanitize-blacklist={{.*}}.second
// Now, check for -fdepfile-entry flags. // Now, check for -fdepfile-entry flags.
// RUN: %clang -target x86_64-linux-gnu -fsanitize=address -fsanitize-blacklist=%t.good -fsanitize-blacklist=%t.second %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-BLACKLIST2 // RUN: %clang -target x86_64-linux-gnu -fsanitize=address -fsanitize-blacklist=%t.good -fsanitize-blacklist=%t.second %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-BLACKLIST2
// CHECK-BLACKLIST2: -fdepfile-entry={{.*}}.good" "-fdepfile-entry={{.*}}.second // CHECK-BLACKLIST2: -fdepfile-entry={{.*}}.good" "-fdepfile-entry={{.*}}.second
// Check that the default blacklist is not added as an extra dependency. // Check that the default blacklist is not added as an extra dependency.
// RUN: %clang -target x86_64-linux-gnu -fsanitize=address -resource-dir=%S/Inputs/resource_dir %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-DEFAULT-BLACKLIST --implicit-check-not=fdepfile-entry // RUN: %clang -target x86_64-linux-gnu -fsanitize=address -resource-dir=%S/Inputs/resource_dir %s -### &> %t.cc1_asan
// RUN: FileCheck %s --check-prefix=CHECK-DEFAULT-BLACKLIST --implicit-check-not=fdepfile-entry -input-file %t.cc1_asan
// CHECK-DEFAULT-BLACKLIST: -fsanitize-blacklist={{.*}}asan_blacklist.txt // CHECK-DEFAULT-BLACKLIST: -fsanitize-blacklist={{.*}}asan_blacklist.txt
// Check that default blacklists are not added unless the matching sanitizer is
// enabled, even if the blacklist exists.
// RUN: FileCheck %s --implicit-check-not=cfi_blacklist.txt -input-file %t.cc1_asan
// Check that we can add multiple default blacklists if the matching sanitizers
// are enabled.
// RUN: %clang -target x86_64-linux-gnu -fsanitize=address,cfi -flto -fvisibility=hidden -resource-dir=%S/Inputs/resource_dir %s -### 2>&1 | FileCheck %s --check-prefix=MULTIPLE-DEFAULT-BLACKLISTS
// MULTIPLE-DEFAULT-BLACKLISTS-DAG: -fsanitize-blacklist={{.*}}asan_blacklist.txt
// MULTIPLE-DEFAULT-BLACKLISTS-DAG: -fsanitize-blacklist={{.*}}cfi_blacklist.txt
// Ignore -fsanitize-blacklist flag if there is no -fsanitize flag. // Ignore -fsanitize-blacklist flag if there is no -fsanitize flag.
// RUN: %clang -target x86_64-linux-gnu -fsanitize-blacklist=%t.good %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-NO-SANITIZE --check-prefix=DELIMITERS // RUN: %clang -target x86_64-linux-gnu -fsanitize-blacklist=%t.good %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-NO-SANITIZE --check-prefix=DELIMITERS
// CHECK-NO-SANITIZE-NOT: -fsanitize-blacklist // CHECK-NO-SANITIZE-NOT: -fsanitize-blacklist
// Ignore -fsanitize-blacklist flag if there is no -fsanitize flag. // Ignore -fsanitize-blacklist flag if there is no -fsanitize flag.
// Now, check for the absense of -fdepfile-entry flags. // Now, check for the absense of -fdepfile-entry flags.
// RUN: %clang -target x86_64-linux-gnu -fsanitize-blacklist=%t.good %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-NO-SANITIZE2 --check-prefix=DELIMITERS // RUN: %clang -target x86_64-linux-gnu -fsanitize-blacklist=%t.good %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-NO-SANITIZE2 --check-prefix=DELIMITERS
// CHECK-NO-SANITIZE2-NOT: -fdepfile-entry // CHECK-NO-SANITIZE2-NOT: -fdepfile-entry
Show All 20 Lines

test/Frontend/sanitizer-blacklists.c

  • This file was added.
// Blacklisting a function for ASan shouldn't affect TSan instrumentation.
//
// RUN: echo "fun:foo" > %t.blacklist
//
// RUN: %clang_cc1 -fsanitize=address,thread -triple x86_64-apple-darwin10 \
// RUN: -fsanitize-blacklist=address:%t.blacklist \
// RUN: -S -emit-llvm -o - %s | FileCheck %s --check-prefixes=COMMON,CHECK1
// Check that we can blacklist a function for multiple sanitizers using
// separate blacklists.
//
// RUN: %clang_cc1 -fsanitize=address,thread -triple x86_64-apple-darwin10 \
// RUN: -fsanitize-blacklist=address:%t.blacklist \
// RUN: -fsanitize-blacklist=thread:%t.tsan_blacklist \
// RUN: -S -emit-llvm -o - %s | FileCheck %s --check-prefixes=COMMON,CHECK2
// Check that we can blacklist a function for multiple sanitizers using the
// same blacklist.
//
// RUN: %clang_cc1 -fsanitize=address,thread -triple x86_64-apple-darwin10 \
// RUN: -fsanitize-blacklist=address,thread:%t.blacklist \
// RUN: -S -emit-llvm -o - %s | FileCheck %s --check-prefixes=COMMON,CHECK2
// COMMON: define void @foo() [[FOO_ATTR:#[0-9]+]]
void foo() {}
// CHECK1: attributes [[FOO_ATTR]] = { {{[^}]*}} sanitize_thread
// CHECK1-NOT: sanitize_address
// CHECK2: attributes [[FOO_ATTR]]
// CHECK2-NOT: sanitize_address
// CHECK2-NOT: sanitize_thread